DELL N3000 User Manual
238
Configuring Authentication, Authorization, and Accounting
You can configure each server host with a specific connection type, port,
timeout, and shared key, or you can use global configuration for the key and
timeout.
The TACACS+ server can do the authentication itself, or redirect the request
The TACACS+ server can do the authentication itself, or redirect the request
to another back-end device. All sensitive information is encrypted and the
shared secret is never passed over the network; it is used only to encrypt the
data.
Which TACACS+ Attributes Does the Switch Support?
Table 10-6 lists the TACACS+ attributes that the switch supports and
indicates whether the authorization or accounting service supports sending or
receiving the attribute. The authentication service does not use attributes.
You can configure these attributes on the TACACS+ server(s) when utilizing
the switch TACACS+ service.
Table 10-6. Supported TACACS+ Attributes
Attribute Name
Exec Authorization
Command
Authorization
Accounting
cmd
both (optional)
sent
sent
cmd-arg
sent
elapsed-time
sent
priv-lvl
received
protocol
sent
roles
both (optional)
service=shell
both
sent
sent
start-time
sent
stop-time
sent